XnView [1], [2] is prone to a security vulnerability when processing PCT
files. This vulnerability could be exploited by a remote attacker to
execute arbitrary code on the target machine, by enticing the user of
XnView to open a specially crafted file.

4. *Vulnerable Packages*

. XnView v2.03 for Windows.
. Older versions are probably affected too, but they were not checked.

5. *Non-Vulnerable Packages*

. XnView v2.04.

6. *Credits*

This vulnerability was discovered and researched by Ricardo Narvaja from
Core Exploit Writers Team. The publication of this advisory was
coordinated by Fernando Miranda from Core Advisories Team.

7. *Technical Description / Proof of Concept Code*

The result of opening the maliciously crafted file
'CORE-2013-0705-xnview-poc-4895a357a242d3c78.PCT'[3] is shown below:

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.

11. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.